Posted
by
samzenpuson Thursday January 19, 2012 @08:07PM
from the was-that-wrong? dept.

wiredmikey writes "A Chinese computer programmer was arrested by U.S. authorities in New York on Wednesday, on charges that he stole proprietary source code while working on a project at the Federal Reserve Bank of New York. The man arrested, Bo Zhang of New York, worked as a contract employee developing a specific portion of the GWA's (Government-Wide Accounting and Reporting Program) source code at the Federal Reserve Bank of New York where the code is maintained. The complaint alleges that in the summer of 2011, Zhang stole the GWA code, something he admitted to in July 2011. Zhang said that he used the GWA Code in connection with a private business he ran training individuals in computer programming."

The Fed is as close to godhood as one gets in public life. You only serve for fourteen years (unlike federal judges), but you also make the money. I suppose the Fed could be abolished, but short of that, you're pretty much set.

The Board of Governors are appointed by the President and their salaries are set by the govt, but the input with which the Fed takes decisions is largely from the member banks. Its one of those strange public-private partnerships, that I would consider mostly private.

And It goes without saying that the board of governors are usually former Wallstreet barons.

Fed is not part of the government. Its a private entity controlled by the members.

You mean all that paper money I keep in my pillow, mattress and bags in my closet with ' Federal Reserve Bank' are not issued by the actual Department of the Treasure, a cabinet position below the US President, but some private firm?!?

I've been swindled! I'm going to complain about this as soon as I finish throwing away my pillow, mattress and all those heavy bags. >:(

The Federal Reserve does not print or issue money. Never have and hopefully never will. Those bills are printed by the Bureau of Engraving and Printing and the coinage is minted by the United States Mint.

The Federal Reserve only puts them into circulation when the Board of Governors authorizes it to do so. It is a bit complicated, but the Federal Reserve itself is a private entity that happens to have a board of publicly appointed figures.

So if the Federal Reserve doesn't "issue money" can you explain the word issue in:

Federal reserve notes, to be issued at the discretion of the Board of Governors of the Federal Reserve System for the purpose of making advances to Federal reserve banks through the Federal reserve agents as hereinafter set forth and for no other purpose, are authorized.

Or are you just sticking to a technically that the Board isn't the Fed, so the Microsoft Board of Directors doesn't count as Microsoft for example.

Or that having the power to direct something to be done isn't the same as doing it - so that whole gulf oil thing a while back has isn't BHPs problem after all they just told their contractors and employees to do it.

That's an awkward bit - it turns its profits to the US Treasury. Does that make sense to you? Me neither.

FED is a bit of arcane entity - it's a public institution that uses private banks as its components. A lot of other countries simply have a specialized central bank, but the US has this distributed system.

No, the Fed is an independent organization within the government and it's run like a corporation in many ways, but it is still part of the government and acts as the central bank for the government. The fact is that there is a meme that says it is not a part of the government, but that is false. http://en.wikipedia.org/wiki/Federal_Reserve_System [wikipedia.org]

From the wiki (the one you linked) : The Federal Reserve System has both private and public components, and was designed to serve the interests of both the general public and private bankers. The result is a structure that is considered unique among central banks. It is also unusual in that an entity outside of the central bank, namely the United States Department of the Treasury, creates the currency used.[12]

Also from the wiki "According to the Board of Governors, the Federal Reserve is independent within

No they are one of the 9? independent agencies within the government that are directly overseen by congress and not a secretary or member of the executive branch. Wikipedia is a starting point, not an authority on any subject since anyone can go in and change things however they want. I provided the link as a place to get started, not as part of my argument. I barely glanced at the information on the page having researched this a couple of years ago. If nothing else the link to the official government

The Fed is not a Federal Entity for some purposes (such as torts); it is clearly a Federal Entity for many other purposes, legal and otherwise. If you don't understand the distinction of "for the purpose of a legal theory," then you should study some law. From Wikipedia:

>>The Federal Reserve Banks have an intermediate legal status, with some

I realize that you are joking. But it makes me wonder why so many on/. would consider this "stealing". Especially when the majority will argue the semantics of stealing when it's regarding music or entertainment data. Less than three hours prior to this,the Megaupload story [slashdot.org] has many defending piracy. Granted, the ramifications of people being arrested outside of the US for piracy is scary. But still, what's the difference between the bits that were taken for the banking code and bits taken for entertainme

In addition to your comment, the source code was never available for sale to any other party. It wasn't "infringement" in that it cost the Fed lost sales, it lost them exclusive access to sensitive data that they only wanted a limited number of people to have access to. The financial loss isn't related to lost sales, but in potential security implications. Apples and Oranges.

In this case, it was more like theft because the Fed lost exclusive use of the software, something that can't be given back once it is in the wild. Piracy is completely different, where 100 copies of a file can cost lost sales of 1 or 2 actual copies, but no loss of use or security is involved, only revenue. With music and movies, you WANT many people to have access to the product, but at a cost. With exclusive software, you want NO ONE to have a copy. Neither is ideal if you own the "property", but they aren't the same.

"In this case, it was more like theft because the Fed lost exclusive use of the software, something that can't be given back once it is in the wild. Piracy is completely different..."

Nope. Piracy is the loss of your right to distribute your material as you see fit because some numbnuts thinks his desires trump your copyright. Copyright is not about revenue. Once disbursed into the wild, it can't be called back either. More same than not.

The article just says chineese it doesn't clarify the exact meaning (racial, country of birth, current citizenship etc).

As I understand it there are some hoops to jump through but generally anyone who has lived in the US as a lawful permanent resident for more than 5 years can become a citizen and afaict it is generally advisable for them to do so.

Re-reading the article it seems the article does in fact say he was on a visa not a citizen but it attributes that information to "a person who did not want to be identified", not to any official statement.

Seriously? I've heard many bad things about COBOL, a lot of it from my own mother who coded in it for many years... But I've never heard a bad word about a COBOL programmer. Can you imagine having to work with that? They're anything but retarded.

Seriously? I've heard many bad things about COBOL, a lot of it from my own mother who coded in it for many years... But I've never heard a bad word about a COBOL programmer. Can you imagine having to work with that? They're anything but retarded.

Of course I'm joking (mostly, though a lot of COBOL programmers are retired by now) banks were extremely slow to ditch code which was written (largely in COBOL or RPG) in favor of the Flavor-of-the-Month, un-tested, un-vetted server languages of the internet age. When Y2K loomed they brought in legions of old COBOL programmers (many of whom were compensated quite well) to review millions of lines of code and patch where necessary. Likely a lot of that code is still there, interfacing with Federal Reserve

The story says that he's Chinese, not that he's a Chinese citizen. Usually, the FBI labels Chinese non-US citizens as "Chinese nationals". In this case, since only the "Chinese" label is being used, it probably only means that he's of Chinese born, or of Chinese origin, but nothing else.

Also, since he "stole" the code for his own private training business, I wonder if it's not just the code he authored that he stole. I'm not trying to excuse his actions, I'm just trying to explain why would someone be so ca

Also, I wonder how they're going to calculate the gross financial loss to the victim (unless the real victim here is the middleman between the government and the individual doing the work, not the government itself). It's not like the government was planning to sell that software. So even if it paid 9 million dollars to get that code written, it doesn't sound like they lost anything by his actions (unless they can prove they have to do additional work trying to make it more secure because of him).

Financial loss isn't just lost revenues, it could be the cost of re-engineering parts of the system in which the private, proprietary algorithms are no longer private and proprietary.

It could also be the cost of extra security measures needed to combat any holes that were exposed by the source being "in the wild."

You can pretty much be assured that his "private business" was actually state business - Chinese state business, to be exact. It's pretty damn well known that any Chinese national you've got on your network is likely to be trying to steal passwords and fish for holes in your network to report back to the homeland government...

Morally? It sounds like he was just using snippets of code he wrote there to teach people CS.

That doesn't sound especially morally bankrupt to me. I know I've had professors who have done work for the DoD who have given lectures on how certain things were done within cruise missiles, etc., which seems a lot more ambiguous than code for the bloody fed.

Morally? It sounds like he was just using snippets of code he wrote there to teach people CS.

If you belive that I've got a bridge to sell you.

If you were looking to teach CS, would you get your code snippets from:

a) One of the plethora of open source projects out thereb) An O'Reilly bookc) Commercially sensitive software that belongs to your employer and that you agreed to not spread aroundd) Something very secret that runs something very scary and boomy-bangy on the B2. %$* @&no carrier

I guess at Fox that's correct editing. Meanwhile the original properly attributes the statement to the defendant, and anyone with reading comprehension skills can tell a defendant's statement is only that, not fact.

But what the hey, if you want to declare fact and guilt before the investigation it presented to a judge, I hear that's pretty big in China. You'd do well there.

“Government-Wide Accounting and Reporting Program” (GWA), a software system owned by the Department of the Treasury that is used mainly to manage central accounting and reporting functions and processes associated with budget execution, accountability, and asset management.

Just sounds like some average bloated corporate code that was stolen. Nothing noteworthy.

“Government-Wide Accounting and Reporting Program” (GWA), a software system owned by the Department of the Treasury that is used mainly to manage central accounting and reporting functions and processes associated with budget execution, accountability, and asset management.

Just sounds like some average bloated corporate code that was stolen. Nothing noteworthy.

He was probably using it as an example of obfuscated code You can't beat code writtent to government specifications for cruft, obfuscation and general unuseability.

I'm guessing it was a huge mess of import and mapping, one per government accounting system 'incorporated'. Awful soul draining work. Decades of government accounting tricks to unscramble, unify, and apply standard book cooking to present a unified coherent lie.

Use it like a club on the students: 'Do you want to end up maintaining this?'

Surely smells like bs. You can't find decent developers? In THIS economy?

A few things to check:- are your expectations realistic, or are you looking for PhD with tons of experience while advertising for recent grad to "save some money"?- are you paying above $10-$15/hr or whatever minimally decent rate is in your area?- do you provide a semi-decent work environment: hardware, software, atmosphere?- are you running a sweatshop (be honest)?

Your attitude is disgusting. I hope that your "company" never finds th

You've got to be fucking kidding. If I hadn't already commented in this thread, I'd mod down this BS.

Likely he got the job because they couldn't hire any qualified US citizens. (That's a requirement in H1B, etc., right? OK, we know that HB1 is also a bit of BS, but...)

The bottom line is that Chinese kids are willing to work, and they actually learn things. American kids are even lazier than the 70s, when they spent half of their time in College drunk or hight. Today, for the first time in its h

If you're a real programmer, you can get a job. Maybe a 45k post as well, as job instead of the 70K or 90K or whatever you like, or a short-term position with even less $ or hours, but if you're willing to move or commute, you can find a job well above minimum wage.

I dropped my rant against this being a racist xenophoblic BS, as someone else had already pointed it out, but seriously. With the incompetent "Geek Squad" charging $400 to transfer data from an old laptop to a new one, you can't find

let me know how those magic numbers work in the real world and not in your imagination while your in your moms basement (shit if I lived in california 45K wouldnt buy a cardboard box to live in)

what does geek squad pay? like 8 bucks an hour a whole 50 cents more than minimum wage, and you dont think I already didnt apply? (yea both best buys are full up on nerds after 4 comp usa's in town shut down a few years ago genius)

and there is nothing racist about my statement, this is a government project outsourcin

I didn't suggest that you *work* for the Geek Squad. I suggested that anyone hungry and with half a clue could steal the Geek Squad's lunch.

More seriously, I get these sort of "jobs" from friends all the time. My bartender approached me last night, and said he took his virus-crashed laptop to Best Buy and they quoted him $400 to move the files off and to his new Mac. He told me he'd give me $200 to do the job-- adding that he had certain files with his wife that were, shall we say, "private" in nature and he didn't trust Best Buy to deal with.

That kind of work is everywhere. If the Geek Squad is charging $100/hr to do very basic tech (setting up DVRs, etc) then you can undercut that-- and provide a professional relationship. It's not work I really want-- but how you beat the big corporate guys, is by providing a better price point, and a better service. Get a $700 suit for $300 on OverStock, treat your customers well, communicate with them in standard written English, establish trust and security. Kiss their rumps if you have to, if you're eating Ramen.

In the end, I don't mean to insult you if your situation is hard. But I'm not going to accept BS, either. If you're not in the sticks where there's no market-- if you are somewhere where there's Best Buy and Comp USA-- then surely, you can still find people with money, who will pay Best Buy if they have no other choice, and take that business. And provide a better value.

As far as this guy-- c'mon. Your proposition is silly. The US Federal government is a damn Dilbert mess, sure, but if they could hire a US-native programmer for the same price (don't assume this guy is a low-ball salary) or even 50% more, they'd probably do so. The talent isn't there.

Of course, that's also a failure of the US Educational system. I'm probably more pissed than you about that, and I understand that the US isn't providing as much educational investment and opportunity for young people, as, for instance, China. But the young in the US also have an enormous sense of entitlement, of wishing and thinking they should get something for nothing.

I worked hard in College and grad school. I put in the 80+ hour weeks, and I still do. I've lived in CA-- if you can't downsize enough to live on $45K in the Mission, or Berkeley (or the burbs), c'mon, $45K is still a lot of money. I've made 100x that in a year, and I've lived on a quarter of that in other years. Adjust to your means and make the best of it-- if you can't pull in $45K, then don't try to live a $45K lifesytle.

Seems every other day we're hearing about some chinese scientist or programmer that steals US proprietary secrets of some kind. Why does this keep happening? I thought the whole point of a background check was to avoid this sort of thing. Review where you f'ed up in the background check. See what you knew at the start that should have been a red flag and then add it to the disqualified list. If you were fooled at that point or didn't get enough information then see to it that you're harder to fool and gather more information. This is just sad.

You can do all the background checks you want. If a representative of the Chinese government says "Here's 20K$ to hand us some code", a very large percentage of people will say "Deal". If a representative of the Chinese government says "hand us the code you work on, or your relatives in China disappear", a very large percentage of people will say "what sort of media would you like it on".

You can do all the background checks you want. If a representative of the Chinese government says "Here's 20K$ to hand us some code", a very large percentage of people will say "Deal". If a representative of the Chinese government says "hand us the code you work on, or your relatives in China disappear", a very large percentage of people will say "what sort of media would you like it on".

Part of the process for some of these checks, especially for security clearances, is to find and weed out the candidates who are likely to disclose confidential information. It probably wasn't too rigorous in this case since security clearances and the extensive background checks that go with them are reserved only for US citizens. Getting a clearance, however, can be quite extensive, with investigators running down and questioning everyone you've lived and worked with for the past decade, administering p

First, they look for people that don't have pride in their personal honor and integrity. Ideally, you're looking for people that will not violate their oaths because they have deep seated principles. This is detectable.

Second, you disqualify anyone that has weaknesses. Drunks, drug addicts, gamblers, womanizers, people with family in countries where pressure could be put on them, connections to organized crime, any connection to fringe political organizations, membe

America is LOADED with Chinese spies. China is in a cold war with the west, and the west is disregarding it. Sad.

No, it is something to be proud of. That such things can happen is a necessary consequence of a free society. It's one of the many things encompassed by the saying that, "Freedom isn't free."

We've already destroyed far too much of our freedom because of an irrational fear of practically non-existant terrorists, we should not sacrifice any more of the fundamental principles that make american society superior to chinese society. Unless, of course, civil liberties aren't inherently better than authoritaria

Civil Liberties does NOT require a lack of security. In this case, a foreigner, esp. a Chinese national (and yes, he was chinese national) should not have access to this code. Likewise, I have had 2 jobs where I have dealt with chinese spy. In one case, they OPENLY admitted that they wanted to take our work to China. Even spoke of how to get it out of the nation.

And what threat is non-existant? AQ? They are very real. I DO think that we have acted overboard to them, and what the neo-cons did was INSANE.

The idea that america is "loaded" with spies implies a call for change in government policy. Even your anecdotes don't rise to the level that requires government action - if you knew that guy was plotting espionage than tell your boss, get him fired and the problem is solved.

And yes, AQ's threat to the US is and has been effectively non-existant. They shot their wad on 9-11 and since then the best they could muster has been incompetents like the shoe, underwear and times square bombers - even if they had

The idea that america is "loaded" with spies implies a call for change in government policy. Even your anecdotes don't rise to the level that requires government action - if you knew that guy was plotting espionage than tell your boss, get him fired and the problem is solved.

I'm a Progressive, and I figure MOST wars are for profit and a scam. I'm not big on the Security State or the Pentagon.

Having said that... are you fricken' kidding me? The only reason nobody cares if some Chinese national is stealing th

Actually, I took it to the FBI. And we need a massive change in our employee security policies, as well as how sub-contracts are handled.

No, we have been stopping AQ. They continue to make attempts. Constantly. I can tell you about this. My little sister works for an airline at an airport. She knows a number of TSA folks. She has been there when they pull ppl aside of weird things. Regularly, it is muslims that have oddly shaped items such as plastic toy knives, hidden in weird areas. Basically, they are

oh, the guy was not an employee. He was attempting to invest into our company. Basically, he claimed to be from Taiwain years ago. He made his money in multiple chinese restaurants. One of the conditions buried in it was that our equipment became his if he decided that the company was not worth anything. When he turned down the offer, then he wanted to 'rent' the equipment for a time to take to China. Promised 10 million. Then 50 million. Said that he had ways to get it out there. The FBI is looking in

Not just Chinese spies... America is LOADED with Mossad and AIPAC agents. Turkish agents. Saudi princes ready to party. Ukrainian mafia probably put about a Billion dollars in the coffers of the Bush family -- likely they are rolling in Opium today. It's all up for grabs...

Nobody is going to attack America if they can merely bid for the Speaker of the House. I'm wondering when Christies is going to quit playing with the chump change million dollar art auctions and organize this mayhem into a profitable ent

While I do not know about other nation's spies, I KNOW that they exists. That is a given. However, with the chinese, they are pressing like there is no tomorrow. Upwards of 10% or more of Chinese are either outright spies, or are fronts for spy operations and will gladly send tech out of the nation. That includes those that have been naturalized esp. over the last 20 years.

But, I fully agree with you about CONgress. So many are on the take from China, Foreign nations, Groups representing illegals, union

>FBI Assistant Director in Charge Janice K. Fedarcyk [said] “His intentions with regard to that software are immaterial.>Stealing it and copying it threatened the security of vitally important source code.”

And what's so important about the security of accounting code? Would it be so bad if this were open source-- heck, the whole process, so that citizens could actually see the financial operations and transactions of Federal Agencies, before tens of millions get embezzelled or spent in

When I worked for J. P. Morgan before the Chase merger and for a year afterwards, security was so tight I can't think of any way I COULD have stolen code if I wanted to. I don't think my PC even had a floppy drive or a USB port, and everything was on servers, not local machines. Even the MS Access '98 code I wrote resided on servers, though I did have edit copies on my local hard drive.

I went through the usual security checks -- fingerprint submissions to police, FBI, and CIA, etc. Those checks are pr

After reading comments about how there are no Americans talented or qualified enough to fill this position, I have to point something out:

There are plenty of American software engineers that could do this job. There aren't plenty of American software engineers that could do this job for the crap pay they were most likely offering. It's not a matter of unwillingness, it's a matter of being able to support a family in the current environment. Corporations whine and whine about no talent being available, bu

So, the DOJ used to have code and no longer does? How much effort is it going to take to recreate this stolen code?

Seriously, folks. We need to start using more descriptive vocabulary to differentiate between 'taking something away from somebody' and 'duplicating something'. These have very different outcomes and should have different name space. 'Copy' is the term that I prefer.

2. USA is just as bad as China when it comes to covert internet access, just that China doesn't run around complaining like a little girl when it happens.

I can't decide if this is misogynist, bully-ist, antidemocratic, or just silly.

Your other point is good, though. It's a guy teaching. I don't have any problem with him using the code, he just should have asked permission and they should have been willing to give it to him. Problem is they see it as something it's worth making an example over--possibly destroying his life because he didn't see a problem with using a snippet of code that, in all likelihood, it was not a problem to use.

It should have been 'Programmer Steals Code..' Not 'Chinese Programmer Steals Code...'

Well, to be fair, the fact that he is not a US-citizen seems relevant. I am not the first to express surprise that a foreign worker was hired and had access to something so sensitive. I seem to remember that even federal internships often require citizenship. A lot easier to check US-citizen background when hiring, I imagine.

Is it a wonder that there is a growing contempt for China and its actions?

If all it takes is for one citizen to copy a bit of code for you to hold his country in contempt, then you must really hate America after all those people lost billions of dollars in the Enron scandal. Of course, I chose the Enron example at random, but there are probably thousands of criminal acts occurring across the country every day. If you are going to just single out the ones committed by people of Chinese decent then think that says more about you than China.

FTA: "he used the GWA Code in connection with a private business he ran training individuals in computer programming"
Training individuals who are interested in the Fed's software? Now who (cough) would be interested in that?

if you would read Henry Paulson's "On the Brink" he specifically talks about how the Russian government tried to do EXACTLY this in 2008 with the help of the Chinese government. But the Chinese government told the Russians to fuck off and die in a fire. Why ?Partly because Henry Paulson had been the CEO of Goldman Sachs and heavily involved in China for the past several years, . . . his book mentions far more discussions with Chinese leaders during the crash of 2008 than he mentions people like Dick Cheney

Yeah the joke is that there are no jokes. There's really not much to laugh about.

If only people knew what the Federal Reserve was, what it did, and how it affected their everyday life without any oversight from their elected representatives. Around a fifth of Americans are already aware, and that number is growing. They aren't devoted to Republicans or Democrats. They are simply aware. These people may disagree on how to solve the problem but the key thing is, they see there is a huge problem. Things are go